Archlinux to implement package signatures
Posted: 14 Oct 2011, 22:59
| With the package manager Pacman 4.01 Archlinux can now handle package signatures. This lack of signatures could be criticized and has been debated. Now the origin of the Binary packages will be traceable. As of today Pacman 4.01 is in the Testing repository. The transfer to signed packages needs some more work because there is no common PKI infrastructure for the distro. To begin with the packages will be signed with the personal PGP/GPG-Keys of the developers, and they have to be manually checked by the users. Only fitting for the 5th biggest distro in the world, that almost reluctantly keeps growing, |